Attack steals $20 million from DeFi Pickle Finance protocol

The dangers of decentralised finance are in the spotlight once again after the latest major robbery in the DeFi

In another attack on a major decentralized finance protocol (DeFi), the Pickle Finance farming project had US$20 million hacked on Saturday.

The attack took place late in the day, and experienced ETH Twitter users were quick to notice that Picke’s cDAI jar (‚jar‘ is the term used by the protocol for a revenue vault) had been emptied:

I think the @picklefinance cDAI jar has just been attacked and emptied. https://t.co/Lxwi2dWSSZ

Unlike other recent attacks, however, this one in particular was not based on quick loans – an increasingly defamed DeFi tool that allows potential exploiters additional liquidity to manipulate network prices. Instead, this hacker exchanged funds between a malicious copycat contract and the cDAI jar.

In an interview with the Cointelegraph, Emiliano Bonassi – a self-described whitehat hacker, co-founder of DeFi Italia – explained that the invader has created „evil jars“, intelligent contracts that „have the same interface as traditional jars, but have pernicious purposes“.

The invader then exchanged funds between his „evil jar“ and the real cDAI jar, earning US$20 million in deposits.

Jars of evil implanted during the attack and passed in the swapExactJarForJar, investigating more about thishttps: //t.co/szRloiecV8https: //t.co/l2xT4zhQB1

There are rational operations performed in this method (e.g. approve, withdraw, etc.). pic.twitter.com/29RNkF4vJb

Perhaps, however, the vulnerabilities of one vertical DeFi might lead to the success of another. Said one Twitter trader:

Particularly after the attack on Harvest Finance, Pickle Finance appeared to be on its way to becoming one of the most important farming protocols. At the time of this article, Pickle Finance’s statistics website reported nearly $75 million of the total amount still allocated on the books, while the price of Pickle Finance’s governance token pickle fell 50 percent on the day to $11.16.

Pickle Finance’s problems are just the latest in a worrying trend across the DeFi space. Victims of recent attacks in recent weeks include Harvest Finance, Crypto Genius, Value DeFi, Akropolis, Cheese Bank and Origin Dollar, among others.

Perhaps, however, the vulnerabilities of one DeFi vertex can lead to the success of another. A trader of this on Twitter:

Security audits are a meme.

The new „audit“ will have adequate insurance coverage. $Insurance $ Coverage